Overt state-to-state cyber conflicts are unlikely for the foreseeable future; states prefer to retain plausible deniability through surreptitious sponsorship of non-state cyber militias. International legal norms, NATO's Article 5 requirements, and UN Security Council procedural issues seem to limit NATO's options in responding to cyber events by non-state actors. However, there are three circumstances under which NATO may legally take cyber countermeasures against non-state actors: (1) when a nation-state fails to enforce the law against non-state actors within its borders; (2) when a cyber-disruption is tantamount to an economic blockade; and (3) if there is intelligence that indicates a pending cyber-attack by force, thereby necessitating anticipatory self-defense. The decision by NATO after 9/11 to pursue a non-state terrorist organization was a normative shift internationally; prior to this event, counterterrorism was widely viewed as a law enforcement issue. With China and Russia as permanent members of the UN Security Council, resolutions against countries for harboring cyber militias are unlikely. Both nations routinely tolerate-if not sponsor-cyber militias. NATO is the one enforcement arm with the resources to thwart the illicit militias.